我正在尝试构建一个简单的注册页面和登录页面。下面是我的代码
const express = require("express");
const app = express();
const mongoose = require("mongoose");
const cookieParser = require('cookie-parser')
const session = require('express-session')
const bodyParser = require("body-parser");
const ejs = require("ejs");
const User = require("./models/user")
const bcrypt = require("bcrypt")
const saltRounds = 10;
require('dotenv').config()
app.set("view engine", "ejs");
app.use(express.static("public"));
app.use(cookieParser ("This is my secret"))
app.use(session({
secret: process.env.SECRET,
resave: false,
saveUninitialized:false,
}))
app.use(bodyParser.urlencoded({extended:true}))
app.get("/", (req,res)=>{
console.log(process.env.SECRET)
res.send("welcome to homepage")
})
app.get("/signup",(req, res)=>{
res.render("signup")
})
app.post("/signup", (req,res, next)=>{
let {username, password} = req.body
bcrypt.genSalt(saltRounds, (err, salt)=>{
if (err){
next(err)
}
console.log(salt)
bcrypt.hash(password, salt, (err, hash)=>{
let newUser = new User({username, password})
try{
newUser.save().then(()=>{
console.log(req.body)
res.send("data has been saved")
}).catch((e)=>{
res.send("error")
console.log(e)
})
}catch(e){
next(e)
}
})
})
})
app.get("/login", (req,res)=>{
res.render("login")
})
app.post("/login", async (req, res, next) => {
let { username, password } = req.body;
try {
let foundUser = await User.findOne({ username });
if (!foundUser) {
res.send("User not found");
} else {
const isMatch = bcrypt.compare(password, foundUser.password);
if (!isMatch) {
res.send("Password incorrect");
} else {
// Password is correct, render the secret page
res.render("secret");
}
}
} catch (e) {
next(e);
}
});
app.get("/*", (req, res)=>{
res.status(404).send("404 page not found")
})
//global error settintg
app.use((err, req, res, next)=>{
console.log(err)
res.status(500).send("Something wrong happened")
})
mongoose.connect('mongodb://127.0.0.1:27017/studentDB').then(()=>{
console.log("U success")
}).catch(e =>{
console.log("connection failed");
console.log(e);
})
app.listen(3000, () => {
console.log("Server running on port 3000.");
});
我发现在
阶段app.post("/login", async (req, res, next) => {
let { username, password } = req.body;
try {
let foundUser = await User.findOne({ username });
if (!foundUser) {
res.send("User not found");
} else {
const isMatch = bcrypt.compare(password, foundUser.password);
if (!isMatch) {
res.send("Password incorrect");
} else {
// Password is correct, render the secret page
res.render("secret");
}
}
} catch (e) {
next(e);
}
});
无论密码正确与否,仍然可以进入秘密页面
然后我问chatgpt,它告诉我在bcrypt.compare之前添加await就像
app.post("/login", async (req, res, next) => {
let { username, password } = req.body;
try {
let foundUser = await User.findOne({ username });
if (!foundUser) {
res.send("User not found");
} else {
const isMatch = await bcrypt.compare(password, foundUser.password);
if (!isMatch) {
res.send("Password incorrect");
} else {
// Password is correct, render the secret page
res.render("secret");
}
}
} catch (e) {
next(e);
}
});
注册页面运行良好,它返回“数据已保存”并控制台正确的用户名和密码。例如用户名:[电子邮件受保护]密码:1234 然后我在登录页面检查了控制台 它返回的内容与注册页面完全相同 但无论密码正确与否,都返回密码错误
阅读 docs 您应该使用 bcrypt 比较函数,例如:
bcrypt.compare(req.body.password, user.password, function(err, result) {
if (err){
return false;
}
if (result) {
return true;
} else {
// response is OutgoingMessage object that server response http request
return false;
}
});
因此您可以处理错误或处理密码不匹配并将响应发送给用户